commit: 268dd32d76b42dc1f2a044cedeee5446cb9185c2
parent: bea97ea76638552e437a3b6d6f48040449849448
Author: Matt Jankowski <mjankowski@thoughtbot.com>
Date: Tue, 2 May 2017 17:37:58 -0400
Auth sign out (#2511)
* Add a spec for signing out
* Add spec showing that suspended user gets a 403 forbidden on sign out
* Allow suspended account users to sign out
Diffstat:
2 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
@@ -6,6 +6,7 @@ class Auth::SessionsController < Devise::SessionsController
layout 'auth'
skip_before_action :require_no_authentication, only: [:create]
+ skip_before_action :check_suspension, only: [:destroy]
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
def create
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
@@ -16,6 +16,33 @@ RSpec.describe Auth::SessionsController, type: :controller do
end
end
+ describe 'DELETE #destroy' do
+ let(:user) { Fabricate(:user) }
+
+ before do
+ request.env['devise.mapping'] = Devise.mappings[:user]
+ end
+
+ context 'with a regular user' do
+ it 'redirects to home after sign out' do
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+
+ context 'with a suspended user' do
+ it 'redirects to home after sign out' do
+ Fabricate(:account, user: user, suspended: true)
+ sign_in(user, scope: :user)
+ delete :destroy
+
+ expect(response).to redirect_to(root_path)
+ end
+ end
+ end
+
describe 'POST #create' do
before do
request.env['devise.mapping'] = Devise.mappings[:user]